Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding -  Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
@toruslabs/secure-pub-sub
Advanced tools
secure-pub-sub
Introduction
This repo allow you to publish and subscribe to a single message in a topic
Features
- Typescript compatible. Includes Type definitions
- All API's return
Promises
Installation
Bundling
This module is distributed in 3 formats
lib.esmbuilddist/lib.esm/index.jsin es6 formatlib.cjsbuilddist/lib.cjs/index.jsin es5 formatumdbuilddist/securePubSub.umd.min.jsin es5 format without polyfilling corejs minified
By default, the appropriate format is used for your specified usecase You can use a different format (if you know what you're doing) by referencing the correct file
The cjs build is not polyfilled with core-js. It is upto the user to polyfill based on the browserlist they target
Directly in Browser
CDN's serve the non-core-js polyfilled version by default. You can use a different
jsdeliver
<script src="https://cdn.jsdelivr.net/npm/@toruslabs/secure-pub-sub"></script>
unpkg
<script src="https://unpkg.com/@toruslabs/secure-pub-sub"></script>
Tips for NUXT
This is a plugin that works only on the client side. So please register it as a ssr-free plugin.
Usage
Add @toruslabs/secure-pub-sub to your project:
To allow your web app to retrieve keys:
Install the package
npm i @toruslabs/secure-pub-sub
or
yarn add @toruslabs/secure-pub-sub
Requirements
- This package requires a peer dependency of
@babel/runtime - Node 20+
Keywords
FAQs
Helper methods secure publish and subscribe to a topic
The npm package @toruslabs/secure-pub-sub receives a total of 13,303 weekly downloads. As such, @toruslabs/secure-pub-sub popularity was classified as popular.
We found that @toruslabs/secure-pub-sub demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 24 Mar 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding -  Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding -  Dec 11, 2025